On Sep 30 2007 22:52, KOVACS Krisztian wrote: > >The TCP stack sends out SYN+ACK/ACK/RST reply packets in response to >incoming packets. The non-local source address check on output bites >us again, as replies for transparently redirected traffic won't have a >chance to leave the node. > >This patch selectively sets the FLOWI_FLAG_ANYSRC flag when doing >the route lookup for those replies. Transparent replies are enabled if >the listening socket has the transparent socket flag set. I needed to add extra patches to actually compile it cleanly.... > include/net/ip.h | 3 +++ > include/net/request_sock.h | 3 ++- > net/ipv4/inet_connection_sock.c | 2 ++ > net/ipv4/ip_output.c | 6 +++++- > net/ipv4/syncookies.c | 2 ++ > net/ipv4/tcp_ipv4.c | 17 ++++++++++------- > net/ipv4/tcp_minisocks.c | 3 ++- > net/ipv6/tcp_ipv6.c | 5 +++-- > 8 files changed, 29 insertions(+), 12 deletions(-) > Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> --- net/dccp/dccp.h | 3 ++- net/dccp/minisocks.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) Index: linux-2.6.22.1/net/dccp/dccp.h =================================================================== --- linux-2.6.22.1.orig/net/dccp/dccp.h +++ linux-2.6.22.1/net/dccp/dccp.h @@ -209,7 +209,8 @@ extern int dccp_retransmit_skb(struct s extern void dccp_send_ack(struct sock *sk); extern void dccp_send_delayed_ack(struct sock *sk); -extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk); +extern void dccp_reqsk_send_ack(struct sk_buff *sk, struct request_sock *rsk, + int reply_flags); extern void dccp_send_sync(struct sock *sk, const u64 seq, const enum dccp_pkt_type pkt_type); Index: linux-2.6.22.1/net/dccp/minisocks.c =================================================================== --- linux-2.6.22.1.orig/net/dccp/minisocks.c +++ linux-2.6.22.1/net/dccp/minisocks.c 
@@ -285,7 +285,8 @@ int dccp_child_process(struct sock *pare EXPORT_SYMBOL_GPL(dccp_child_process); -void dccp_reqsk_send_ack(struct sk_buff *skb, struct request_sock *rsk) +void dccp_reqsk_send_ack(struct sk_buff *skb, struct request_sock *rsk, + int reply_flags) { DCCP_BUG("DCCP-ACK packets are never sent in LISTEN/RESPOND state"); }
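Review bot: In the net/dccp/dccp.h hunk, the prototype still names its struct sk_buff * argument `sk`, while the definition in minisocks.c calls it `skb`; since the line is being rewritten anyway, rename it to `skb` so it is not read as a socket. The new `int reply_flags` also carries no hint of which flag namespace it belongs to. The quoted description mentions FLOWI_FLAG_ANYSRC for the route lookup, so a one-line comment saying the argument takes flowi flags (if that is what is passed) would keep callers from handing in unrelated values.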
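Review bot: In the net/dccp/minisocks.c hunk, `reply_flags` is accepted by dccp_reqsk_send_ack() and never used, because the body only calls DCCP_BUG(). That is fine if the parameter exists solely to keep the signature in line with the request_sock change in the quoted patch (include/net/request_sock.h appears in its diffstat, so this is an inference from the visible lines), but the mail gives this change no changelog of its own beyond the remark about compiling cleanly. Please say so in the description, and consider folding this into the patch that changes the callback signature so the tree builds with DCCP enabled at every step of the series.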